Methods and systems for managing enterprise assets

US 9,047,582 B2
Filed: 10/04/2002
Issued: 06/02/2015
Est. Priority Date: 06/18/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing assets in a corporate entity, the method comprising:

providing a first server controlled by corporate entity, the first server configured to;

store a plurality of asset profiles associated with a plurality of processor-controlled devices associated with the corporate entity,determine at least one security requirement based at least in part on risk assessment information associated with the plurality of processor-controlled devices associated with the corporate entity, andmonitor the plurality of processor-controlled devices to detect at least one security vulnerability;

communicating a request for data, via an Internet connection, to a distinct second server that physically resides at a location that is outside the control of the corporate entity;

receiving at the first server, in response to the request to the distinct second server, data associated with the at least one security vulnerability, the data received from the distinct second server that is physically outside the control of the corporate entity via the Internet connection; and

wherein receiving comprises filtering received data based on at least one of;

at least one vulnerability profile, at least one asset profile, at lease on configuration standard, at least one risk assessment, and at least one task list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed methods and systems can be used to manage at least one asset in an Enterprise, where the methods and systems include providing a first server, the first server configured to include at least one asset profile associated with the at least one asset, the first server controlled by the Enterprise, and receiving at the first server, in response to a request to a distinct second server, data associated with at least one vulnerability associated with the at least one asset, where the second server is outside the control of the Enterprise.

Citations

41 Claims

1. A method for managing assets in a corporate entity, the method comprising:
- providing a first server controlled by corporate entity, the first server configured to;
  
  store a plurality of asset profiles associated with a plurality of processor-controlled devices associated with the corporate entity,determine at least one security requirement based at least in part on risk assessment information associated with the plurality of processor-controlled devices associated with the corporate entity, andmonitor the plurality of processor-controlled devices to detect at least one security vulnerability;
  
  communicating a request for data, via an Internet connection, to a distinct second server that physically resides at a location that is outside the control of the corporate entity;
  
  receiving at the first server, in response to the request to the distinct second server, data associated with the at least one security vulnerability, the data received from the distinct second server that is physically outside the control of the corporate entity via the Internet connection; and
  
  wherein receiving comprises filtering received data based on at least one of;
  
  at least one vulnerability profile, at least one asset profile, at lease on configuration standard, at least one risk assessment, and at least one task list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. A method according to claim 1, where receiving comprises receiving at least one of a software patch and a link to a software patch, wherein the software patch is associated with a vulnerability fix.
  - 3. A method according to claim 1, where receiving comprises receiving via at least one of the internet and a portable memory.
  - 4. A method according to claim 1, wherein the request based on at least one of:
    - at least one asset and at least one asset profile.
  - 5. A method according to claim 1, where receiving comprises receiving data at periodic intervals.
  - 6. A method according to claim 1, further comprising requesting data from the at least one distinct second server, the request comprising at least one of a time and a date.
  - 7. A method according to claim 1, further comprising responding to the request based on at least one of a time and a date comprised in the request.
  - 8. A method according to claim 1, where providing comprises providing at least one vulnerability profile associated with at least one of the plurality of assets and the plurality of asset profiles.
  - 9. A method according to claim 8, where receiving comprises querying at least one of the plurality of asset profiles, at least one configuration standard, at least one risk assessment, the at least one vulnerability profile, and at least one task list, to determine whether the received data affects at least one asset.
  - 10. A method according to claim 9, where receiving comprises,receiving a patch based on the received data, andapplying the patch to at least one asset affected by the received data.
  - 11. A method according to claim 1, where receiving comprises receiving at least one vulnerability profile.
  - 12. A method according to claim 1, further comprising querying vulnerability data at the second server based on at least one of:
    - at least one asset, at least one asset profile, a time, and a date.
  - 13. A method according to claim 1, further comprising obtaining a patch based on the received data.
  - 14. A method according to claim 1, further comprising applying a patch to at least one asset, the patch based on the received data and at least one of a global asset configuration and an individual asset configuration associated with that at least one asset.
  - 15. A method according to claim 1, where receiving comprises receiving over a secure communications link.
  - 16. A method according to claim 15, where the secure communications link comprises anonymous secure socket layer (SSL).
  - 17. A method according to claim 1, further comprising requesting data from the distinct second server at fixed intervals.
  - 18. A method according to claim 1, further comprising,receiving the request at the distinct second server, andassociating the request with at least one of an account and privileges.
  - 19. A method according to claim 1, where the request comprises data identifying the at least one asset.
  - 20. A method according to claim 1, further comprising performing an auto-discovery of corporate entity.
  - 21. A method according to claim 1, further comprising performing an inventory of corporate entity.
  - 22. A method according to claim 1, further comprising:
    - performing an auto-discovery of corporate entity,performing an inventory of corporate entity,and conditionally performing, based on the least one of the auto-discovery and the inventory;
      
      creating at least one asset profile, andmodifying the at least one asset profile.
  - 23. A method according to claim 22, where modifying the at least one asset profile comprises modifying the at least one profile based on a remediation module.
  - 24. A method according to claim 1, further comprising,employing an automatic remediation process based on the received data and at least one of:
    - at least one asset profile, at least one configuration standard, at least one risk assessment, at least one vulnerability profile, and at least one task list.
  - 25. A method according to claim 1, further comprising,automatically generating at least one asset task list based on at least one of an automatic inventory and an automatic discovery module, andupdating the at least one asset task list based on an automatic remediation module.
  - 26. A method according to claim 25, where updating comprises,identifying at least one of:
    - at least one configuration standard and at least one vulnerability profile associated with the asset task list, andbased on the at least one asset task list and the identified at least one of at least one configuration standard and the at least one vulnerability profile, modifying at least one of;
      
      at least one asset and at least one asset component.
  - 27. A method according to claim 1, further comprising, associating account information with a request for data to the second server, performing at least one of a validation and an authentication at the second server, and based on the at least one of the validation and authentication, responding to the request.
  - 32. A method according to claim 1, further comprising, if the at least one security vulnerability is a new vulnerability, updating a database comprising one or more vulnerability profiles.
  - 33. A method according to claim 1, further comprising:
    - providing a numerical vulnerability risk rating associated with the at least one security vulnerability; and
      
      archiving a source code associated with the at least one security vulnerability.
  - 34. A method according to claim 1, further comprising providing a vulnerability risk rating associated with the at least one security vulnerability, the vulnerability risk rating based at least in part on a level of expertise required to exploit the at least one security vulnerability.
  - 35. A method according to claim 1, further comprising informing a user of the at least one security vulnerability if the vulnerability risk rating is within a configurable range.
  - 36. A method according to claim 1, wherein the at least one security vulnerability is detected based at least in part on information from a mailing list or web site.
  - 37. A method according to claim 1, wherein:
    - the at least one asset is associated with a user that is an employee of the corporate entity;
      
      the distinct second server is configured to;
      
      maintain a user account record associated with the user; and
      
      perform a lookup operation to determine that the user is associated with the user account record.
  - 38. A method according to claim 37, wherein the distinct second server is further configured to:
    - based on one or more privileges associated with the user, provide one or more interfaces through which the user can perform a task selected from the group consisting of edit policies, create policies, create or edit configuration standards, create or edit asset profiles, create or edit vulnerability profiles, and create or edit risk assessment questionnaires.
  - 39. A method according to claim 1, wherein the first server comprises a scanning module configured to perform a scan of the plurality of assets under the control of the corporate entity, wherein the plurality of assets are configured to be accessed by the first server via the Internet.

28. A system for managing at least one asset in a corporate entity, the system comprising:
- a first server controlled by the corporate entity and configured to;
  
  store a plurality of asset profiles associated with a plurality of processor-controlled devices associated with the corporate entity,determine at least one security requirement based at least in part on risk assessment information associated with the plurality of processor-controlled devices associated with the corporate entity, andmonitor the plurality of processor-controlled devices to detect at least one security vulnerability; and
  
  communicate a request for data via an Internet connection;
  
  a distinct second server outside the control of the corporate entity, the distinct second server physically residing at a location that is outside the control of the corporate entity, the second server configured to receive the request for data via the Internet connection, the second server configured to provide data to the first server, via the Internet connection, in response to a request from the first server, the data associated with the at least one security vulnerability;
  
  wherein;
  
  the at least one asset is associated with a user that is an employee of the corporate entity;
  
  the distinct second server is configured to;
  
  maintain a user account record associated with the user; and
  
  perform a lookup operation to determine that the user is associated with the user account record; and
  
  wherein the distinct second server is further configured to;
  
  based on one or more privileges associated with the user, provide one or more interfaces through which the user can perform a task selected from the group consisting of edit policies, create policies, create or edit configuration standards, create or edit asset profiles, create or edit vulnerability profiles, and create or edit risk assessment questionnaires.
- View Dependent Claims (29, 30, 31, 40, 41)
- - 29. A system according to claim 28, where the second server stores account data associated with the first server, the account data comprising privilege data.
  - 30. A system according to claim 28, where the first server comprises at least one of a workflow module, a scanning module, an auto-discovery module, an auto-inventory module, and an auto-remediation module.
  - 31. A system according to claim 28, where the first server stores at least one vulnerability profile associated with at least one asset profile.
  - 40. A system according to claim 28, where at least one of the first server and the second server comprise a vulnerability module.
  - 41. A system according to claim 28, wherein the first server comprises a scanning module configured to perform a scan of the plurality of assets under the control of the corporate entity, wherein the plurality of assets are configured to be accessed by the first server via the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Hutchinson, Robin, Giubileo, John, O'Brien, Darci
Primary Examiner(s)
Daftuar, Saket K

Application Number

US10/264,879
Publication Number

US 20040010571A1
Time in Patent Office

4,624 Days
Field of Search

709200-202, 709/219, 709/224, 709/217, 709/218, 717169-178, 713/201
US Class Current

1/1
CPC Class Codes

G06Q 10/10   Office automation; Time man...

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Methods and systems for managing enterprise assets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for managing enterprise assets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links